ProtonVPN Wireguard Port Forward using natpmpc

Started by alscx, Today at 03:24:54 AM

Hello,

I've subscribed to ProtonVPN and successfully configured a Wireguard connection in my Opnsense (25.7.11_9-amd64).

The thing is I've been trying for the last 3-4 days to forward a couple of ports in order to use qBittorrent and Nicotine (both running as docker containers) and I sincerely don't know what else to try...

I adapted a script I found that runs all the time on the machine running Docker (192.168.1.7) and uses natpmpc to map the desired internal ports to the public ports provided by ProtonVPN.

Requested tcp port 2234 -> Mapped public port: 34926
Requested udp port 2234 -> Mapped public port: 34926
Requested tcp port 6881 -> Mapped public port: 41524
Requested udp port 6881 -> Mapped public port: 41524

I then created the following in Firewall -> NAT -> Port Forward ("PROTWGNL" is the Wireguard interface and "PROTWGNL address" is the Wireguard addr 10.2.0.2):

  Interface:            PROTWGNL
  Protocol:             TCP/UDP
  Source address:       *
  Source ports:         *
  Destination address:  PROTWGNL address
  Destination ports:    41524
  NAT IP:               192.168.1.7
  NAT ports:            6881
  Description:          qBittorrent

By the way, I've tried forwarding the public port both to the same port internally (41524, making the corresponding changes on the script and also on qBittorrent) and to this port I'm currently using (6881), but the result is the same.
Also, based on a suggestion from someone in another thread, I set "Set local tag" to PORT_FORWARD_VPN so I could create a floating rule afterwards.

Also, in Firewall -> NAT -> Outbound ("Hosts_ProtonVPN_WG_NL" is an alias group of the IPs that use this VPN, 192.168.1.7 included):

  Interface:         PROTWGNL
  Source:            Hosts_ProtonVPN_WG_NL
  Source port:       *
  Destination:       *
  Destination port:  *
  NAT address:       Interface address
  NAT port:          *
  Static port:       NO
  Description:       (none)

And in Firewall -> Rules -> PROTWGNL (I had tried to limit only the specific internal IP and port, but then just allowed everything to test):

  Protocol:          IPv4 TCP/UDP
  Source:            *
  Source port:       *
  Destination:       *
  Destination port:  *
  Gateway:           *
  Schedule:          *
  Description:       (none)

The option "State Type" is configured as "None", and on different occasions I tried setting both the "Gateway" and "reply-to" to the Wireguard Gateway, as instructed in some post I read here.


Firewall -> Rules -> LAN:

  Protocol:          IPv4 *
  Source:            Hosts_ProtonVPN_WG_NL
  Source port:       *
  Destination:       ! RFC1918_Networks
  Destination port:  *
  Gateway:           PROTONVPN_WG_GATEWAY
  Schedule:          *
  Description:       (none)

I also created in Firewall -> Rules -> Floating:

  Protocol:          IPv4 TCP/UDP
  Source:            PROTWGNL address
  Source port:       *
  Destination:       ! PROTWGNL net
  Destination port:  *
  Gateway:           PROTONVPN_WG_GATEWAY
  Schedule:          *
  Description:       *

Here I configured "Match local tag" as PORT_FORWARD_VPN and the "Direction" is set to out.

I remember being able to forward ports when I used AirVPN and it wasn't so hard... Am I maybe doing something wrong here? I appreciate any help.
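Added example (not the poster's script, and not ProtonVPN's or OPNsense's own code) of the natpmpc side of this setup: request the mapping, pull the public port out of natpmpc's reply instead of trusting the requested number, and keep renewing it before the short lease expires. It assumes the ProtonVPN WireGuard peer is 10.2.0.1, the local service port is 6881, natpmpc is installed on the host that runs the containers, and natpmpc prints its result as "Mapped public port N protocol ... to local port M liftime L" (the reply line format of the natpmpc tool; the sample line in the comments is constructed). As the poster's output shows, ProtonVPN chooses the public port itself, so the number passed as the requested public port is only a hint.

```shell
#!/bin/sh
# Added example: ProtonVPN NAT-PMP mapping with natpmpc (assumptions:
# gateway 10.2.0.1, local port 6881, natpmpc on the Docker host).

GATEWAY="${GATEWAY:-10.2.0.1}"   # WireGuard peer address (assumption)
LIFETIME=60                       # seconds; ProtonVPN leases are short
RENEW_EVERY=45                    # renew comfortably inside the lease
LOCAL_PORT="${LOCAL_PORT:-6881}"  # port the container listens on

# Read natpmpc output on stdin and print the public port from its
# "Mapped public port N protocol ..." line (nothing on error/no match).
# Constructed sample input:
#   Mapped public port 41524 protocol TCP to local port 6881 liftime 60
extract_public_port() {
    sed -n 's/^Mapped public port \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Ask the gateway to map local port $1 for protocol $2 (tcp|udp).
# The "1" is the requested public port; the server assigns the real one.
request_mapping() {
    natpmpc -a 1 "$1" "$2" "$LIFETIME" -g "$GATEWAY" | extract_public_port
}

# The OPNsense port-forward rule carries one destination port, so refuse
# to continue unless TCP and UDP came back on the same non-empty port.
same_port_or_fail() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Renewal loop; only started when invoked as: sh this_script.sh run
if [ "${1:-}" = "run" ]; then
    while :; do
        tcp_port=$(request_mapping "$LOCAL_PORT" tcp)
        udp_port=$(request_mapping "$LOCAL_PORT" udp)
        if same_port_or_fail "$tcp_port" "$udp_port"; then
            echo "$(date '+%F %T') local $LOCAL_PORT -> public $tcp_port (tcp+udp)"
        else
            echo "mapping failed or mismatched: tcp='$tcp_port' udp='$udp_port'" >&2
            exit 1
        fi
        sleep "$RENEW_EVERY"
    done
fi
```

The point of parsing the reply is that the public port can change between sessions, so whatever the script prints is the value that has to appear as the destination port of the PROTWGNL port-forward rule; if the two protocols ever come back on different ports, a single TCP/UDP rule cannot match both and the script stops rather than silently forwarding the wrong one.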